mirror of http://138.197.108.81/gattes/matrix.git
Tweaking coturn service, removing TCP and fixing TLS (enforcing >TLS1.2)
This commit is contained in:
parent
47998d1efc
commit
2b11e01506
|
@ -746,6 +746,5 @@ syslog
|
||||||
|
|
||||||
# Do not allow an TLS/DTLS version of protocol
|
# Do not allow an TLS/DTLS version of protocol
|
||||||
#
|
#
|
||||||
#no-tlsv1
|
no-tlsv1
|
||||||
#no-tlsv1_1
|
no-tlsv1_1
|
||||||
#no-tlsv1_2
|
|
||||||
|
|
|
@ -0,0 +1,16 @@
|
||||||
|
[Unit]
|
||||||
|
Description=coTURN STUN/TURN Server
|
||||||
|
Documentation=man:coturn(1) man:turnadmin(1) man:turnserver(1)
|
||||||
|
After=network.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
User=root
|
||||||
|
Group=root
|
||||||
|
Type=notify
|
||||||
|
ExecStart=/usr/bin/turnserver -c /etc/turnserver.conf --pidfile=
|
||||||
|
Restart=on-failure
|
||||||
|
InaccessibleDirectories=/home
|
||||||
|
PrivateTmp=yes
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
|
@ -32,8 +32,8 @@ ufw allow 443/tcp
|
||||||
ufw allow 8448/tcp
|
ufw allow 8448/tcp
|
||||||
|
|
||||||
# Coturn Ports
|
# Coturn Ports
|
||||||
ufw allow 3478/tcp
|
ufw allow 3478/udp
|
||||||
ufw allow 5443/tcp
|
ufw allow 5443/udp
|
||||||
ufw allow 49152:65535/udp
|
ufw allow 49152:65535/udp
|
||||||
|
|
||||||
# Enable firewall
|
# Enable firewall
|
||||||
|
@ -54,6 +54,10 @@ sed -i "s|TURN_PWD|${TURN_PWD}|g" /etc/turnserver.conf
|
||||||
sed -i "s|EXTERNAL_IP|${EXTERNAL_IP}|g" /etc/turnserver.conf
|
sed -i "s|EXTERNAL_IP|${EXTERNAL_IP}|g" /etc/turnserver.conf
|
||||||
sed -i "s|STATIC_SECRET|${TURN_STATIC_SECRET}|g" /etc/turnserver.conf
|
sed -i "s|STATIC_SECRET|${TURN_STATIC_SECRET}|g" /etc/turnserver.conf
|
||||||
|
|
||||||
|
# Custom coturn SystemD service file to allow coturn access to Letsencrypt SSL certs
|
||||||
|
cp "${BASE_DIR}/coturn.service" /lib/systemd/system/coturn.service
|
||||||
|
systemctl daemon-reload
|
||||||
|
|
||||||
# Add Docker's official GPG key
|
# Add Docker's official GPG key
|
||||||
echo -e "Install docker\n"
|
echo -e "Install docker\n"
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue